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We study encodings from CSP into asynchronous CCS with name passing and matching, so in fact, 
the asynchronous ;r-calculus. By doing so, we discuss two different ways to map the multi-way 
synchronisation mechanism of CSP into the two-way synchronisation mechanism of CCS. Both en¬ 
codings satisfy the criteria of Gorla except for compositionality, as both use an additional top-level 
context. Following the work of Parrow and Sjodin, the first encoding uses a centralised coordinator 
and establishes a variant of weak bisimilarity between source terms and their translations. The sec¬ 
ond encoding is decentralised, and thus more efficient, but ensures only a form of coupled similarity 
between source terms and their translations. 

1 Introduction 

In the context of a scientific meeting on Expressiveness in Concurrency and Structural Operational Se¬ 
mantics (SOS), likely very little needs to be said about the process algebras (or process calculi) CSP and 
CCS. Too many papers have been written since their advent in the 70’s to be mentioned in our own pa¬ 
per; it is instructive, though, and recommended to appreciate Jos Baeten’s historical overview [Tj, which 
also places CSP and CCS in the context of other process algebras like ACP and the many extensions by 
probabilities, time, mobility, etc. Here, we just select references that help to understand our motivation. 

Differences. From the beginning, although CSP I'Sj and CCS ifTTTl were intended to capture, describe 
and analyse reactive and interactive concurrent systems, they were designed following rather different 
philosophies. Tony Hoare described this nicely in his position paper f9'| as follows: “A primary goal in the 
original design of CCS was to discover and codify a minimal set of basic primitive agents and operators 
... and a wide range of useful operators which have been studied subsequently are all definable in terms 
of CCS primitives.” and “CSP was more interested in this broader range of useful operators, independent 
of which of them might be selected as primitive.” So, at their heart, the two calculi use two different 
synchronisation mechanisms, one (CCS) using binary, i.e., two-way, handshake via matching actions 
and co-actions, the other (CSP) using multiway synchronisation governed by explicit synchronisation 
sets that are typically attached to parallel composition. Another difference is the focus on Structural 
Operational Semantics in CCS, and the definition of behavioural equivalences on top of this, while CSP 
emphasised a trace-based denotational model, enhanced with failures, and the question on how to design 
models such that they satisfy a given set of laws of equivalence. 

Comparisons. From the early days, researchers were interested in more or less formal comparisons 
between CSP and CCS. This was carried out by both Hoare f91 and Milner ifT^ themselves, where they 
concentrate on the differences in the underlying design principles. But also other researchers joined the 
game, but with different analysis tools and comparison criteria. 

For example, Brookes |f3l contributed a deep study on the relation between the underlying abstract 
models, synchronisation trees for CCS and the failures model of CSP. Quite differently, Fanese and 
Montanari ifTOl used the power to transform graphs as a measure for the expressiveness of the two calculi. 
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Yet completely differently, Parrow and Sjddin II161I21II tried to find an algorithm to implement—best 
in a fully distributed fashion—the multiway synchronisation operator of CSP (and its variant LOTOS 
ll2l i using the supposedly simpler two-way synchronisation of CCS. They came up with two candi¬ 
dates—a reasonably simple centralised synchroniser, and a considerably less simple distributed syn- 
chronisei0 —and proved that the two are not weakly bisimilar, but rather coupled similar, which is only 
slightly weaker. Coupled simulation is a notion that Parrow and Sjddin invented for just this purpose, 
but it has proved afterwards to be often just the right tool when analysing the correctness of distribution- 
and divergence-sensitive encodings that involve partial commitments (whose only effect is to gradually 
perform internal choices) ifTSll . 

The probably most recent comparison between CSP and CCS was provided by van Glabbeek [3T|. 
As an example for his general framework to analyse the relative expressive power of calculi, he studied 
the existence of syntactical translations from CSP into CCS, for which a common semantical domain is 
provided via labelled transition systems (LTS) derived from respective sets of SOS rules. The comparison 
is here carried out by checking whether a CSP term and its translation into CCS are distinguishable with 
respect to a number of equivalences defined on fop of fhe LTS. The concrefe resulfs are: (1) fhere is a 
franslafion fhaf is correcf up fo frace equivalence (and confains deadlocks), and (2) fhere is no franslafion 
fhaf is correcf up fo weak bisimilarify equivalence fhaf also lakes divergence info accounf. 

Contribution. Given van Glabbeek’s negative result, and given Parrow and Sjddin’s algorithm, we 
set out to check whether we can define a syntactical encoding from CSP into CCS—using Parrow and 
Sjddin’s ideas—that is correct up to coupled similarityH We almost managed. In this paper, we report 
on our current results along these lines: (1) Our encoding target is an asynchronous variant of CCS, 
but enhanced with name-passing and matching, so it is in fact an asynchronous Ti-calculus; we kept 
mentioning CCS in the title of this paper, as it clearly emphasises the origin and motivation of this work. 
But, we could not do without name-passing. (2) We exhibit one encoding that is not distributability- 
preserving (so, it represents a centralised solution), but is correct up to weak bisimilarity and does not 
introduce divergence. This does not contradict van Glabbeek’s results, but suggests that van Glabbeek’s 
framework implies some form of distributability-preservation. (3) We exhibit another encoding that is 
distributability-preserving and divergence-reflecting, but is only correct up to coupled similarity. 

Overview. We introduce the considered variants of CSP and CCS in § |2l There we also introduce 
the criteria—that are (variants of) the criteria in [i6l and Il20ll —modulo which we prove the quality of 
the considered encodings. In § |3] we introduce the inner layer of our two encodings. It provides the 
main machinery to encode synchronisations of CSP. We complete this encoding with an outer layer that 
is either a centralised (§ H]) or a decentralised coordinator (§ |5]). In § 0 we discuss the two encodings. 
Missing proofs and some additional informations can be found in fH. 

2 Technical Preliminaries 

A process calculus i —>) consists of a set of processes (syntax) and a reduction relation i —> C 

(semantics). Let be the countably-infinite set of names, z 0 denotes an internal unobservable ac¬ 
tion. We use a,b,x, ... to range over names and P, 2,... to range over processes. We use a, j8 ... to range 
over U {t}. d denotes a sequence of names. Let fn(P) and bn(P) denote the sets of free names and 
bound names occurring in P, respectively. Their definitions are completely standard. We use a, a', ai,... 

'Recently (4), a slight variant of the protocol behind this algorithm was used to implement the distributed compiler DLC 
for a substantial subset of LNT (successor of LOTOS New Technology) that yields reasonably efficient C code. 

^The idea and a first draft of the encoding were developed by Nestmann and van Glabbeek during a stay at NICTA, Sydney. 
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to range over substitutions. A substitution is a mapping . ,^"4,,] from names to names. The appli¬ 
cation of a substitution on a term > ■ • ■ 4,,] ^ defined as the result of simultaneously replacing all 

free occurrences of y,- by .r, for / G { 1,...,« }. For all names in ^\{ yi,. ..,yn } the substitution behaves 
as the identity mapping. The relation i —> as defined in the semantics below defines the reduction steps 
processes can perform. We write P \—> P' if {P,P') G i —> and call P' a derivative of P. Let 1=^ denote 
the reflexive and transitive closure of i —>. P is divergent if it has an infinite sequence of steps P \— 
We use barbs or observables to distinguish between processes with different behaviours. We write P^a 
if P has a barb a, where the predicate • J,. can be defined differently for each calculus. Moreover P has a 
weak barb a, if P may reach a process with this barb, i.e., PJJ-a — 3P'. P 1=^ P' 

As source calculus we use the following variant of CSP [81. 

Definition 1. The processes ^csp are given by 

P::=P|UP I DIV I STOP | POP | P/b \ f{P) \ X \ ixXP \ 

where X G is a process variable, A C and c/ is a finite index set. 

P||a 2 is the parallel composition of P and Q, where P and Q can proceed independently except for 
actions a G A, on which they have to synchronise. DIV describes divergence. STOP denotes inaction. 
Internal choice PUQ reduces to either P or Q within a single internal step. Concealment P/b hides an 
action b and masks it as T. Renaming f{P) for some / : extended by /(t) = T behaves as P, 

where a is replaced by f{a) for all a G aL. Recursion fxX ■ P describes a process behaving like P with 
every occurrence of X being replaced by jjtX ■ P. External choice a, ^ P,- offers a selection of one 
of the action prefixes ai —> • followed by the corresponding continuation Pi, so it may perform any a, and 
then behave like P,. Note that we enforce action prefixes to be syntactically part of an external choice 
construct. As usual, we use M □ V to denote binary external choice. 

The CSP semantics is given by the following rules, using labelled steps —)■ to define i —>: 



subterms of P such that every action prefix in P occurs in exactly one of the Pi,..., P„, where different 
but equally-named action prefixes are distinguished and unguarded occurrences of jJtX ■ P' may result in 
several copies of P' within the Pi,... ,P„. 

As target calculus we use an asynchronous variant of CCS ifTTI with name-passing and matching. 
Definition 2. The processes ^ccs are given by 

P::=P|P I (vc)P I *c(x).P | c{x).P \ c{x) \ [c = z]P 


0 
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P I 2 is the parallel composition of P and Q, where P and Q can either proceed independently or 
synchronise on matching channels names. (vc)P restricts the visibility of actions using names in c to P. 
c{x).P denotes input on channel c. c{x) is output on channel c. Since there is no continuation, we 
interpret this calculus as asynchronous. We use *c{x).P to denote replicated input on channel c with the 
continuation P. [x = y\P is the matching operator, iix = y then P is enabled. 0 denotes inaction. 

The CCS semantics is given by following transition rules: 

P^P' P^P' P = P' P'^Q' Q' = Q 

P\Q' — >P'\Q (vc)Pi— >{vc)P’ Pi —>Q 

_ *c{^).P I c(y) I—^ *c(x).P I P\y/x] c{y) \ c_{x).Q i—^ P | Q\y/x] _ 

where = denotes structural congruence given by the rules: P | 0 = P, P | 2 = 2 | P, P | (2 | P) = (P | 2) | 
R, (vd)0 = 0, P I (vd) 2 = ivd){P I 2) if bn(d) ^ fn(P), and [x = x]P = P. As discussed in |[20l . a CCS 
term P is distributable into Pi,... ,P„ if P = (vv)(Pi | ... \P„). 

Simulation Relations. The semantics of a process is usually considered modulo some behavioural 
equivalence. For many calculi, the standard reference equivalence is some form of weak bisimilarity. 
In the context of encodings, the source and target language often differ in their relevant obervables, i.e., 
barbs. In this case, it is advantageous to use a variant of reduction bisimilarity. With Gorla |61, we add a 
success operator / to the syntax of both CSP and CCS. Since / cannot be further reduced, the semantics 
is left unchanged in both cases. The test for the reachability of success is standard in both languages, i.e., 
P i/ = 3P'. P = / I P'. To obtain a non-trivial equivalence, we require that the bisimulation respects 
success and the reachability of barbs. We use the standard definition of barbs in CSP, i.e., action prefixes. 
Our encoding funcfion will franslafe all source ferms info closed ferms, fhus fhe sfandard definition of 
CCS barbs would nof provide any information. Insfead we use a nofion of franslafed barb (•-IJ'|[.j]) thaf 
reflecfs how fhe encoding funcfion franslafes source ferm barbs. Ifs definition is given in Secfion|2 

Definition 3 (Bisimulafion). A relation C is a (success-sensitive, [translated-]barb-respecting, 
weak, reduction) bisimulation if, whenever (P, 2) € then: 

• Pi— >P' implies 3Q'. Q\=^Q'A (P', Q') G 

• 2 I— >Q' implies 3P'. P |=^ P' A (P', Q') G M 

• P^/iff2^/ 

• P and 2 reach the same (translated) barbs, where we use • for CSP and • for CCS 

Two terms P, 2 G are bisimilar, denoted as P « 2^ if there exists a bisimulation that relates P and Q. 

We use the symbol k. to denote either bisimilarity on our target language CCS or on the disjoint union 
of CSP and CCS that allows us to describe the relationship between source terms and their translations. 
In the same way we define a corresponding variant of coupled similarity. 

Definition 4 (Coupled Simulation). A relation is a (success-sensitive, [translated-]barb- 

respecting, weak, reduction) coupled simulation if, whenever (P, 2) C then: 

• Pi— >P' implies 3Q'. Q^Q' A (P', Q') G ^ and 3Q''. Q^Q" A {Q",P') G ^ 

• P^/iff2^/ 

• P and 2 reach the same (translated) barbs, where we use • JJ-a for CSP and • for CCS 

Two terms P,Q£ are coupled similar, denoted as P «cs 2> if there exists a coupled simulation that 
relates P and Q in both directions. 

Encodings and Quality Criteria. We consider two different translations from (the above-defined vari¬ 
ant of) CSP into (the above-defined variant of) CCS with name passing and matching. In this context, we 
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refer to CSP terms as source terms and to CCS terms as target terms Encodings often translate 
single source steps into a sequence or pomset of target steps. We call such a sequence or pomset a simu¬ 
lation of the corresponding source term step. Moreover, we assume for each encoding the existence of a 
so-called renaming policy tp, i.e., a mapping of names from the source into vectors of target term names. 

To analyse the quality of encodings and to rule out trivial or meaningless encodings, Gorla f6| provide 
a general framework comprising five quality criteria, which have afterwards been used in many papers. 
In addition to our above-mentioned definition of process calculus, whough, Gorla requires the target 
calculus to be equipped with a notion of behavioural equivalence x on target terms. Its purpose is to 
describe the ‘abstract’ behaviour of a target process, where ‘abstract’ refers to an observer at the source 
level. In fhl, the equivalence x is often defined as a barbed equivalence (cf. ifTSll l or can be derived 
directly from the reduction semantics, and it typically is a congruence, at least with respect to parallel 
composition. Bisimilarity and coupled similarity are such relations on CCS terms. The criteria are: 

(1) Compositionality. The translation of an operator op is the same for all occurrences of that oper¬ 
ator in a term, i.e., it can be captured by a context such that enc(op (xi,... ... ,Sm)) = 

(xi,... ,x„,enc(5'i),... ,enc(5'm)) for ^(Si) U ... Ufn(5'm) = N. 

(2) Name Invariance: The encoding does not depend on particular names, i.e., for every S and a, it holds 
that enc(a(S)) = a'(enc(5')) if a is injective and enc(a(S)) x a'(enc(S)) otherwise, where o' is 
such that q){o (n)) = o' {(pin)) for every n G 

(3) Operational Correspondence: Every computation of a source term can be simulated by its transla¬ 
tion, i.e., S l=>s S' implies enc(5') enc(5'') (completeness), and every computation of a target 

term corresponds to some computation of the corresponding source term (soundness, compare to 
Section[5]l. 

(4) Divergence Reflection: The encoding does not introduce divergence, i.e., enc(S) i—implies S i— 

(5) Success Sensitiveness: A source term and its encoding answer the tests for success in exactly the 
same way, i.e., iff enc(5') JJ-/. 

Our encodings will satisfy all of these criteria except for compositionality, because both encodings 
consists of two layers. |[20l shows that the above criteria do not ensure that an encoding preserves distri¬ 
bution and proposes an additional criterion for the preservation of distributability. 


Definition 5 (Preservation of Distributability). An encoding enc(-) preserves distributability if for every 
S and for all terms ,..., S„ that are distributable within S there are some T\,... ,Tn that are distributable 
within enc(S) such that 7)- x enc(5',) for all I <i <n. 


Here, because of the choice of the source and the target language, an encoding preserves distributability 
if for each sequence of distributable source term steps their simulations are pairwise distributable. In both 
languages two alternative steps of a term are in conflict with each other if—for CSP—they reduce the 
same action-prefix or—for CCS—they either reduce the same input using two outputs or they reduce the 
same output using two [replicated] inputs. Two alternative steps that are not in conflict are distributable. 


3 Translating the CSP Synchronisation Mechanism 

CSP and CCS—or the Ti-calculus—differ fundamentally in their communication and synchronisation 
mechanisms. In CSP there is only a single kind of action c ^ ■, where c is a name. Synchronisation is 
implemented by the parallel operator - Ha - that in CSP is augmented with a set of names A containing the 
names that need to be synchronised at this point. By nesting parallel operators arbitrarily many actions 
on the same name can be synchronised. In CCS there are two different kinds of actions: inputs c and 
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outputs c. Again synchronisation is implemented by the parallel operator, but in CCS only a single input 
and a single matching output can ever be synchronised within one step. 

To encode the CSP communication and synchronisation mechanisms in CCS with name passing we 
make use of a technique already used in II171I19II to translate between different variants of the Ti-calculus. 
CSP actions are translated into action announcements augmented with a lock indicating, whether the 
respective action was already used in the simulation of a step. The other operators of CSP are then 
translated into handlers for these announcements and locks. The translation of sum combines several 
actions under the same lock and thus ensures that only one term of the sum can ever be used. The 
translation of the parallel operator combines announcements of actions that need to be synchronised 
into a single announcement under a fresh lock, whose value is determined by the combination of the 
respective underlying locks at its left and right side. Announcements of actions that do not need to be 
synchronised are simply forwarded. A second layer—containing either a centralised or a decentralised 
coordinator—then triggers and coordinates the simulation of source term steps. 

Action announcements are of the form a(c, r, l,r'): c is the translation of the source term action, r 
is used to trigger the computation of the Boolean value of I. The lock I evaluates to T as long as the 
respective translated action was not successfully used in the simulation of a step, r' is used to guard the 
encoded continuation of the respective source term action. In the case of a successful simulation attempt 
involving this announcement, an output r'(T) allows to unguard the encoded source term continuation 
and ensures that all following evaluations of I return _L. The message r'(±) indicates an aborted simula¬ 
tion attempt and allows to restore I for later simulation attempts. Once a lock becomes ±, all request for 
its computation return X. 

Abbreviations. We introduce some abbreviations to simplify the presentation of the encodings. We use 

[x€A]P = Y\aeA[x = a\P 

to test, whether an action belongs to the set of synchronised actions in the encoding of the parallel 
operator. As already done in II141I151 we use Boolean-valued locks to ensure that every translation of an 
action is only used once to simulate a step. Boolean locks are channels on which only the Boolean values 
T (true) or X (false) are transmitted. An unguarded output over a Boolean lock with value T represents a 
positive instantiation of the respective lock, whereas an unguarded output sending X represents a negative 
instantiation. At the receiving end of such a channel, the Boolean value can be used to make a binary 
decision, which is done here within an \¥-construct. This construct and according instantiations of locks 
are implemented as in II141I15I1 using restriction and the order of transmitted values. 

KT) = Kx) 4 

l(Z7).IF(j thenPelse 2 = (vt,/)(!(?,/) \t_.P\f.Q) 

We observe that the Boolean values T and X are realised by a pair of links without parameters. Both 
cases of the iF-construct operate as guard for its subterms P and Q. The renaming policy (0 reserves the 
names t and / to implement the Boolean values T and X. 

The Algorithm, The encoding functions introduce some fresh names, that are reserved for special 
purposes. In Table [U we list the reserved names AS and provide a hint on their purpose. Moreover 
we reserve the names {.r/ | / € N } and assume an injective mapping tp': AC —)• {.r,- | / G N } that maps 
process variables of CSP to distinct names. The renaming policy q) for our encodings is then a function 
that reserves the names in U { a:, | / € N } and translates every source term name into three target term 
names. More precisely, choose (p : —)■ such that: 

1. No name is mapped onto a reserved name, i.e., (p{n) n {ASC {.r,- | / € N }) = 0 for all n G 

2. No two different names are mapped to overlapping sets of names, i.e., (p{n) n (p{m) = 0 for all 
n,m^ with n^m. 
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reserved names 

purpose 

a, a' 

announce the ability to perform an action 


(translated) source term channel, channel from the left/right of a parallel operator 

1, II, Ir 

lock, lock from the left/right of a parallel operator 

1' 

re-instantiate a positive sum lock 

r, tl, tr 

request the computation of the value of a lock 

r', r',-, r'L, t'r 

simulate a source term step and unguard the corresponding continuations 

n 

order left announcements for the same channel that need to be synchronised 

s, s' 

distribute right announcements that need to be synchronised 

b 

Boolean value (± or T) 

T 

fresh name used to announce T-steps that result from concealment 

once 

used by the centralised encoding to avoid overlapping simulation attempts 

m 

fresh names used to encode internal choice 

d 

fresh names used to encode divergence 

tj 

used to encode Boolean values 


Table 1: Reserved Names. 


We naturally extend the renaming policy to sets of names, i.e., (p{X) = { (p{x) | x € X } if X C ,yV. 

Let ((xi,... ,x„)) .i = Xi denote the projection of a n-tuple to its /th element, if 1 < / < n. Moreover 

{X) .i = { (x)./1 X G X } for a set X of n-tuples and 1 < / < n. 

The inner part of our two encodings is presented in Figured! The most complex case is the translation 

of the parallel operator [[FUaGJJ that is based on the following four steps: 

Step 1 : Action announcements for channels c ^ A 

In the case of actions on channels c ^ A—that do not need to be synchronised here—the encoding 
of the parallel operator acts like a forwarder and transfers action announcements of both its subtrees 
further up in the parallel tree. Two different restrictions of the channel for action announcements 
a from the left side [[FJJ and the right side [[2]J, allow to trace action announcements back to their 
origin as it is necessary in the following case. In the present case we use a' to bridge the action 
announcement over the restrictions on a. 

Step 2: Action announcements for channels c G A 

Actions c G A need to be synchronised, i.e., can be performed only if both sides of the parallel 
operator cooperate on this action. Simulating this kind of synchronisation is the main purpose of 
the encoding of the parallel operator. The renaming policy (p translates each source term name 
into three target term names. The first target term name is used as reference to the original source 
term name and transferred in announcements. The other two names are used to simulate the 
synchronisation of the parallel operator in CSR Announcements from the left are translated to 
outputs on the respective second name and announcements from the right to the respective third 
name. Restriction ensures that these outputs can only be computed by the current parallel operator 
encoding. The translations of the announcements into different outputs for different source term 
names allows us to treat announcements of different names concurrently using the term Synch (c), 
where c is a source term name. 

Step 3: The term Synch (c) 

In Synch (c) all announcements for the same source term name c from the left are ordered in order 
to combine each left and each right announcement on the same name. Several such announcements 
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IPIUGJ = (va',(9(A)).2,((p(A)).3)( 

(va)(lP| I *a(c,x).([cG (9(A)).1 ](^(^(x) | [c ^ ( 9 (A)) .l]i^(c,x))) 
(va)(lG| I *a(c,x).([cG ((p(A)).l](^(^(x) | [c ^ ((p(A)) .l]7(c,x))) 

I ricGASynch (c) I *^(x).a(x)) 

Synch(c) = (vn) (n{{(p{c)) 3) 

I *n(s) f ((p(c)).2 (rL, II,t'l) • ( (vs') 

*s(rR,lR,r'R).((vr,l,r')(a(((p(c)).l,r,l,r') | Sim) | s'(rR, Ir,t'r)) 

I (vs)(n(s) I *s((a).s(x)))))) 

Sim = (vT) I *\\ (^r. I kXb). (^IF b THEN | Ir(^) . b 

THEN (I(T) I r^(^).(FL(^) l^(^) I IF Z; THEN *r.I(±) ELSeF)) 

ELSE (I(±) I ?^:(A)) I *rJ(±))) 

ELSE (i(A) I *rJ(±)))))) 
mieyC^PiW = (vr,l,r'i,...,r'„) (r.I(T) 

I Uiey (a((c,).l,r,l,r';) | .IF ^ THEN (^P,JJ | *r.K±)) ELSE r.i(T))) 

F(^)Ail - (^a')((^3>^)(ii^il I *^{ c , x).{[c = z ] 5 '{ t , x ) I [c/z]a'(c,x))) | *a((x).a(x)) 
F/(^)F - (va') ((va,z) ([[PJJ I *a(c,x) [c = {(p{x)) .1] a^(((p(z)) .l,x) 

I [c i dom(/)]7(c,x))) I *^(x).a(x)) 

^DIV| ^ (vd)(d I *d.d) 
m-p]\ 4 {v(p'ix))(y(x)\*(^iP\\) 

iPneJ =(vm)(m.lP]j|m.leJ|m) 

ISTOPJ =0 
=/ 

where ^ (<p(A)) .1 is short for G (fn(P) Ufn(2)) \ (<p(A)) .1, ^ dom(/) is short for G fn(P) \dom(/), and 
/ z is short for G fn(P) \ { z }. 


Figure 1: An eneoding from CSP into CCS with value passing (inner part). 
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may result from underlying parallel operators, sums with similar summands, and junk left over 
from already simulated source term steps. For each left announcement a fresh instance of s is 
generated and restricted. The names s and s' are used to transfer right announcements to the 
respective next left announcement, where s' is used to bridge over the restriction on s. This way 
each right announcement will eventually be transferred to each left announcement on the same 
name. Note that this kind of forwarding is not done concurrently but in the source language a term 
F11.4 2 also cannot perform two steps on the same name c E A concurrently. After combining a left 
and a right announcement on the same source term name a fresh set of auxiliary variables r, l,r' 
is generated and a corresponding announcement is transmitted. The term Sim reacts to requests 
regarding this announcement and is used to simulate a step on the synchronised action. 

Step 4: The term Sim 

If a request reaches Sim it starts questioning the left and the right side. First the left side is 
requested to compute the current value of the lock of the action. Only if T is returned, the right 
side is requested to compute its lock as well. This avoids deadlocks that would result from blindly 
requesting the computation of locks in the decentralised encoding. If the locks of both sides are 
still valid the fresh lock I returns T else _L is returned. For each case Sim ensures that subsequently 
requests will obtain an answer by looping with I' or returning _L to all requests, respectively. The 
messages r'L(-L) and r'R(_L) cause the respective underlying subterms on the left and the right 
side to do the same, whereas r'L(T) and r'R(T) cause the unguarding of encoded continuations as 
result of a successful simulation of a source term synchronisation step. 

Basic Properties and Translated Observables. The protocol introduced by the encoding function in 
Figure [U (and its outer parts introduced later) simulates a single source term step by a sequence of target 
term steps. Most of these steps are merely pre- and post-processing steps, i.e., they do not participate in 
decisions regarding the simulation of conflicting source term steps but only prepare and complete simula¬ 
tions. Accordingly we distinguish between auxiliary steps —that are pre- and post-processing steps—and 
simulation steps —that mark a point of no return by deciding which source term step is simulated. Note 
that the points of no return and thus the definition of auxiliary and simulation steps is different in the two 
variants of our encoding. 

Auxiliary steps do not influence the choice of source terms steps that are simulated. Moreover they 
operate on restricted channels, i.e., are unobservable. Accordingly they do not change the state of the 
target term modulo the considered reference relations rs and rScs- We introduce some auxiliary lemmata 
to support this claim. 

The encoding [[-JJ translates source term barbs c into free announcements with ((p(c)) .1 as first value 
and a lock I as third value that computes to T. The two coordinators, i.e., outer encodings, we introduce 
later, restrict the free a-channel of [[-JJ. 

Definition 6 (Translated Barbs). Let T E such that 35. |[5JJ I=>t T, 35. [5] I=^t T, or 35. (|5D I=^>t 
r. r has a translated barb c, denoted by T i|[c ]]5 if 

• there is an unguarded output a(((p(c)) .1, r, I, r') —on a free channel a in the case of [[-JJ or the 
outermost variant of a in the case of the later introduced encodings [[•] and (j-D—in T or 

• such an announcement was consumed to unguard an iF-construct testing I and this construct is still 
not resolved in T 

such that all locks that are necessary to instantiate I are positively instantiated. 

Analysing the encoding function in Figure [U we observe that an encoded source term has a translated 
barb iff the corresponding source term has the corresponding source term barb. 
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[Pi = (va,once) ([[Pj] | once | *on^.a(c,r,l,r').(r | l(Z>).(once | IF THEN i''(T)))) 

Figure 2: A centralised encoding from CSP into CCS with value passing. 

Observation 7. For all S G ^s> it holds Sic iff [[5'JJ |[[cj]- 

All instances of success in the translation result from success in the source. More precisely the only 
way to obtain / in the translation is by [[/ JJ = /. 

Observation 8. For all S G it holds S|/ iff [[SJJ |/. 

The encoding propagates announcements through the translated parallel structure. In the translation 
of parallel operators it combines all left and right announcements w.r.t. to the same channel name, if this 
channel needs to be synchronised. Therefore we copy announcements. We use locks carrying a Boolean 
value to indicate whether an announcement was already used to simulate a source term step. These locks 
carry T in the beginning and are swapped to _L as soon as the announcement was used. In each state 
there is at most one positive instantiation of each lock and as soon as a lock is instantiated negatively it 
never becomes positive again. 

Lemma 9. Let T G such that 35. [[5]J I=^t P- Then for each variant I of the names I, II, Ir 

1. there is at most one positive instantiation of I in T, 

2. if there is a positive instantiation of I in T then there is no other instantiation of I in T, 

3. if there is a negative instantiation of I in T then no derivative ofT contains a positive instantiation 
ofl 


4 The Centralised Encoding 

Figured] describes how to translate CSP actions into announcements augmented with locks and how the 
other operators are translated to either forward or combine these announcements and locks. With that 
[[•JJ provides the basic machinery of our encoding from CSP into CCS with name passing and matching. 
However it does not allow to simulate any source term step. Therefore we need a second (outer) layer 
that triggers and coordinates the simulation of source term steps. We consider two ways to implement 
this coordinator: a centralised and a decentralised coordinator. The centralised coordinator is depicted in 
Figure |2l 

The channel once is used to ensure that simulation attempts of different source term steps cannot 
overlap each other. For each simulation attempt exactly one announcement is consumed. The coordina¬ 
tor then triggers the computation of the respective lock that was transmitted in the announcement. This 
request for the computation of the lock is propagated along the parallel structure induced by the transla¬ 
tions of parallel operators until—in the leafs—encodings of sums are reached. There the request for the 
computation yields the transmission of the current value of the respective lock. While being transmitted 
back to the top of the tree, different locks that refer to synchronisation in the source terms are combined. 
If the computation of the lock results with T at the top of the tree, the respective source term step is sim¬ 
ulated. Else the encoding aborts the simulation attempt and restores the consumed informations about 
the values of the respective locks. In both cases a new instance of once allows to start the next simulation 
attempt. Accordingly only some post-processing steps can overlap with a new simulation attempt. 

As we prove below, the points of no return in the centralised encoding can result from the consump¬ 
tion of action announcements by the outer encoding in Figure |2] if the corresponding lock computes to 
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T. Moreover the encoding of internal choice and divergence introduces simulation steps, namely all 
steps on variants of the channels m, d, and (p'{X). All remaining steps of the centralised encoding are 
auxiliary. 

Definition 10 (Auxiliary and Simulation Steps). A step T i— T' such that 3S G ^s- PI I=^t T is 
called a simulation step, denoted by T T', if T i—^ T' is a step on the outermost channel a and the 

computation of the value of the received lock I will return T or it is a step on a variant of m, d, or (p'(A). 

Else the step T \ — T' is called an auxiliary step, denoted by T i—^ T'. 

Let |=A 4 > denote the reflexive and transitive closure of i—^ and let l=^ = |=A4 >iA 1>|=^_ Auxiliary steps do 
not change the state modulo rs. 

Lemma 11. T i—^ T' implies T « T' for all target terms T, T'. 

By distinguishing auxiliary and simulation steps, we can prove a condition stronger than operational 
correspondence, namely that each source term step is simulated by exactly one simulation step. 

Lemma 12. For all S,S', it holds S i— S' iffBT. pl T A pl T. 

This direct correspondence between source term steps and the points of no return of their translation 
allows us to prove a variant of operational correspondence that is significantly stricter than the variant 
proposed in Q. 

Definition 13 (Operational Correspondence). 

An encoding enc(-) : 1 ^$ is operationally corresponding w.r.t. C if it is: 

Complete: yS,S'. S \=^s S' implies 3T. p]] |=^t T A pl « T 
Sound: VS, T. pl ^x T implies 3S'. S l=^s S' A pl i T 
The ‘if’-part of Lemma [12] implies operational completeness w.r.t. and the ‘only-if’-part contains the 

main argument for operational soundness w.r.t. Ri. Hence !•] is operationally corresponding w.r.t. to rs. 

Theorem 1. The encoding !■] is operationally corresponding w.r.t. to Rs. 

To obtain divergence reflection we show that there is no infinite sequence of only auxiliary steps. 
Then divergence reflection follows from the combination of this fact and Lemma [121 
Theorem 2. The encoding !■] reflects divergence. 

The encoding function ensures that pj has an unguarded occurrence of / iff S has such an un¬ 
guarded occurrence. Operational correspondence ensures that S and pJ also answer the question for the 
reachability of / in the same way. 

Theorem 3. The encoding !•] is success sensitive. 

In a similar way we can prove that a source term reaches a barb iff its translation reaches the respec¬ 
tive translated barb. 

Theorem 4. For all S,c, it holds SJJ-c iff pl 'IJ'|[cJ]- 

As proved in |[T8ll . Theorem [T] the fact that is success sensitive and respects (translated) barbs. 
Theorem |3l and Theorem |4| imply that for all S it holds S and pl are (success sensitive, (translated) 

barb respecting, weak, reduction) bisimilar, i.e., 5 pl. Bisimilarity is a strong relation between source 
terms and their translation. On the other hand, because of efficiency, distributability preserving encodings 
are more interesting. Because of once the encoding [-I obviously does not preserve distributability. 
As discussed in |[T^ bisimulation often forbids distributed encodings. Instead they propose coupled 
simulation as a relation that still provides a strong connection between source terms and their translations 
but is more flexible. Lollowing the approach in IT^ we consider a decentralised coordinator next. 


72 


Encoding CSP into CCS 


dPD = (va)([[PjJ |*a(c,r,l,r').(r|l(Z7).lF^THENr'(T))) 

Figure 3: A decentralised encoding from CSP into CCS with value passing. 


5 The Decentralised Encoding 

Figure [3] presents a decentralised variant of the coordinator in Figured The only difference between the 
centralised and the decentralised version of the coordinator is that the latter can request to check different 
locks concurrently. Technically [•] and d'D differ only by the use of once. As a consequence the steps of 
different simulation attempts can overlap and even (pre-processing) steps of simulations of conflicting 
source term steps can interleave to a certain degree. Because of this effect, d'D does not satisfy the version 
of operational correspondence used above for !•], but d'D satisfies weak operational correspondence that 
was proposed in | 6 i as part of a set of quality criteria. 

Since several announcements can be processed concurrently by the decentralised coordinator, here all 
consumptions of announcements are auxiliary steps. Instead the consumption of positive instantiations 
of locks can mark a point of no return. In contrast to !•]] not every point of no return in d'D unambiguously 
marks a simulation of a single source term step, because in contrast to |'] the encoding d'D introduces 
partial commitments MM- 

Consider the example E = {o ^ Pi D p ^ P 2 ) \\[ o,p} {o ^ P 3 O p ^ P 4 n q ^ P 5 ). 



In the example, two sides of a parallel operator have to synchronise on either action p, or action o, or 
action q happens without synchronisation. In the centralised encoding [P] the use of once ensures that 
different simulation attempts cannot overlap. Thus, only after finishing the simulation of a source term 
step, the simulation of another source term step can be invoked. As a consequence each state reachable 
from encoded source terms can unambiguously be mapped to a single state of the source term. This 
allows us to use a stronger version of operational correspondence and, thus, to prove that source terms 
and their translations are bisimilar. The corresponding 1-to-l correspondence between source terms and 
their translations is visualised by the first two graphs above, where T ss [P]. 

The decentralised encoding d^D introduces partial commitments. Assume the translation of a source 
term that offers several alternative ways to be reduced. Then some encodings—as our decentralised 
one—do not always decide on which of the source term steps should be simulated next. More precisely a 
partial commitment refers to a state reachable from the translation of a source term in that already some 
possible simulations of source term steps are ruled out, but there is still more than a single possibility 
left. 

In the decentralised encoding announcements can be processed concurrently and parts of different 
simulation attempts can interleave. The only blocking part of the decentralised encoding are conflicting 
attempts to consume the same positive instantiation of a lock. In the presented example above there are 
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two locks; one for each side of the parallel operator. The simulations of the step on o and p need both of 
these locks, whereas to simulate the step on q only a positive instantiation of the right lock needs to be 
consumed. By consuming the positive instantiation of the left lock in an attempt to simulate the step on 
o, the simulation of the step on p is ruled out, but the simulation of the step on q is still possible. Since 
either the simulation of the step on o or the simulation of the step on q succeeds, the simulation of the 
step on p is not only blocked but ruled out. But the consumption of the instantiation of the left lock does 
not unambiguously decide between the remaining two simulations. The intermediate state that results 
from consuming the instantiation of the left lock and represents a partial commitment is visualised in the 
right graph above by the state PC\. 

Partial commitments forbid a 1-to-l mapping between the states of a source term and its translations 
by a bisimulation. But, as shown in ifT^ . partial commitments do not forbid to relate source terms and 
their translations by coupled similarity. 

Whether the consumption of a positive instantiation of a lock is an auxiliary step—does not change 
the state of the term modulo —, is a partial commitment, or unambiguously marks a simulation of a 
single source term step depends on the surrounding term, i.e., cannot be determined without the context. 
For simplicity we consider all steps that reduce a positive instantiation of a lock as simulation steps. Also 
steps on variants of the channels m, d, and (p'{X) are simulation steps, because they unambiguously mark 
a simulation of a single source term step. All remaining steps of the decentralised encoding are auxiliary. 

Definition 14 (Auxiliary and Simulation Steps). A step T i— T' such that 3S G (|S|) I=^t T is 
called a simulation step, denoted by T T', if T \— > T' reduces a positive instantiation of a lock or is 

a step on a variant of m, d, or (p'(X). 

Else the step T i— T' is called an auxiliary step, denoted by T i— ^ T'. 

Again let l=^ denote the reflexive and transitive closure of i—^ and let 1=^ = l=^i-^l==^. Since aux¬ 
iliary steps do not introduce partial commitments, they do not change the state modulo ss. The proof of 
this lemma is very similar to the centralised case. 

Lemma 15. T i—^ T' implies T th T' for all target terms T, T'. 

In contrast to the centralised encoding, the simulation of a source term step in the decentralised 
encoding can require more than a single simulation step and a single simulation step not unambiguously 
refers to the simulation of a particular source term step. The partial commitments described above forbid 
operational correspondence, but the weaker variant proposed in |l6l is satisfied. We call this variant weak 
operational correspondence. 

Definition 16 (Weak Operational Correspondence). 

An encoding enc(') : is weakly operationally corresponding w.r.t. «cs C if it is: 

Complete: V5,5'. 5 implies 3r. (|5^ T ^ «cs T 

Weakly Sound: VS, T. I=^t ^ implies 3S', T'. S S'AT T' A (|S'^ «cs T' 

The only difference to operational correspondence is the weaker variant of soundness that allows for 
T to be an intermediate state that does not need to be related to a source term directly. Instead there has 
to be a way from T to some T' such that T' is related to a source term. 

Theorem 5. The encoding d'D is weakly operational corresponding w.r.t. to ~. 

As in the encoding !•], there is no infinite sequence of only auxiliary steps in d^l). Moreover each 
simulation of a source term requires only finitely many simulation steps (to consume the respective 
positive instantiations of locks). Thus d'D reflects divergence. 
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Theorem 6. The encoding d'D reflects divergence. 

The encoding function ensures that (j^D has an unguarded occurrence of / iff S has such an unguarded 
occurrence. Operational correspondence again ensures that S and d^D also answer the question for the 
reachability of / in the same way. 

Theorem 7. The encoding d'D is success sensitive. 

Similarly, a source term reaches a barb iff its translation reaches the respective translated barb. 

Theorem 8. For all S, c, it holds S JJ-c iff d^D 

Weak operational correspondence does not suffice to establish a bisimulation between source terms 
and their translations. But, as proved in llTSl . Theorem[5l the fact that is success sensitive and respects 
(translated) observables. Theorem |71 and Theorem [ 8 ] imply that V^. S and [S']] are (success sensitive, 

(translated) barbs respecting, weak, reduction) coupled similar, i.e., S «cs d*^!)- 

It remains to show, that d'D indeed preserves distributability. Therefore we prove that all blocking 
parts of the encoding d'D refer to simulations of conflicting source term steps. 

Theorem 9. The encoding d-[) preserves distributability. 


6 Conclusions 

We introduced two encodings from CSP into asynchronous CCS with name passing and matching. As in 
ifT^ we had to encode the multiway synchronisation mechanism of CSP into binary communications and, 
similarly to (Thl, we did so first using a centralised controller that was then modified into a decentralised 
controller. By doing so we were able to transfer the observations of ifT^ to the present case: 

1. The centralised solution allows to prove a stronger connection between source terms and their 
translations, namely by bisimilarity. Our decentralised solution does not relate source terms and 
their translations that strongly and we doubt that any decentralised solution can do so. 

2. Nonetheless, decentralised solutions are possible as presented by the second encoding and they 
still relate source terms and their translations in an interesting way, namely by coupled similarity. 

Thus as in ifT^ we observed a trade-off between centralised but bisimilar solutions on the one-hand side 
and decentralised but only coupled similar solutions on the other side. 

More technically we showed here instead a trade-off between centralised but operationally corre¬ 
sponding solutions on the one-hand side and weakly operationally corresponding but decentralised solu¬ 
tions on the other side. The mutual connection between operational correspondence and bisimilarity as 
well as between weak operational correspondence and coupled similarity is proved in IT^ . 

Both encodings make strict use of the renaming policy and translate into closed terms. Hence the 
criterion name invariance is trivially satisfied in both cases. Moreover we showed that both encodings 
are success-sensitive, reflect divergence, and even respect barbs w.r.t. to the standard source term (CSP) 
barbs and a notion of translated barbs on the target. The centralised encoding [•]] additionally satisfies a 
variant of operational correspondence that is stricter than the variant proposed in 0. The decentralised 
encoding d'D satisfies weak operational correspondence as proposed in |! 6 j and distributability preser¬ 
vation as proposed in |[20l . Thus both encodings satisfy all of the criteria proposed in @ except for 
compositionality. However in both cases the inner part is obviously compositional and the outer part 
only adds a fixed context. 


M. Hatzel, C. Wagner, K. Peters, U. Nestmann 


75 


References 

[1] J. C. M. Baeten (2005): A Brief History of Process Algebra. Theor. Comput. Sci. 335(2-3), pp. 131-146, 
doi:10.1016/j.tcs.2004.07.036 

[2] E. Brinksma (1985): A tutorial on LOTOS. In: Proc. ofPSTV, pp. 171-194. 

[3] S. D. Brookes (1983): On the Relationship of CCS and CSP. In: Proc. of ICALP, LNCS 154, pp. 83-96, 
doi:10.1007/BFb0036899 

[4] H. Evrard & E. Lang (2015): Automatic Distributed Code Generation from Formal Models of Asynchronous 
Concurrent Processes. In: Proc. of PDF, IEEE, pp. 459^66, doi: 10.1109/PDP.2015.96 

[5] R. van Glabbeek (2012): Musings on Encodings and Expressiveness. In: Proc. of EXPRESS/SOS, EPTCS 89, 
pp. 81-98, doi: 10.4204/EPTCS.89.7 

[6] D. Gorla (2010): Towards a Unified Approach to Encodability and Separation Results for Process Calculi. 
Information and Computation 208(9), pp. 1031-1053, doi: 10.1016/j.ic.2010.05.002 

[7] M. Hatzel, C. Wagner, K. Peters & U. Nestmann (2015): Encoding CSP into CCS (Extended Version). Tech¬ 
nical Report. Available at http : //arxiv. org/abs/1508.01127 

[8] C. A. R. Hoare (1978): Communicating Sequential Processes. Communications of the ACM 21(8), pp. 
666-677, doi: 10.1145/359576.359585 

[9] C. A. R. Hoare (2006): Why ever CSP? Electronic Notes in Theoretical Computer Science 162(0), pp. 
209-215, doi: 10.1016/j.entcs.2006.01.031 

[10] I. Lanese & U. Montanari (2006): Hoare vs Milner: Comparing Synchronizations in a Graphical 
Framework With Mobility. Electronic Notes in Theoretical Computer Science 154(2), pp. 55 - 72, 
doi:10.1016/j.entcs.2005.03.032 

[11] R. Milner (1980): A calculus of communicating systems. Springer, doi: 10.1007/3-540-10235-3 

[12] R. Milner (1986): Process Constructors and Interpretations (Invited Paper). In: fPlP Congress, pp. 507-514. 

[13] R. Milner & D. Sangiorgi (1992): Barbed Bisimulation. In: Proc. of ICALP, LNCS 623, pp. 685-695, 
doi: 10.1007/3-540-55719-9.114 

[14] U. Nestmann (1996): On Determinacy and Nondeterminacy in Concurrent Programming. Ph.D. thesis, 
Universitat Erlangen-Niirnberg. 

[15] U. Nestmann & B. C. Pierce (2000): Decoding Choice Encodings. Information and Computation 163(1), pp. 
1-59, doi: 10.1006/inco.2000.2868 

[16] J. Parrow & P. Sjodin (1992): Multiway synchronization verified with coupled simulation. In: Proc. of 
CONCUR, LNCS 630, Springer, pp. 518-533, doi: 10.1007/bfb0084813 

[17] K. Peters (2012): Translational Expressiveness. Ph.D. thesis, TU Berlin. 

[18] K. Peters & R. van Glabbeek (2015): Analysing and Comparing Encodability Criteria. In: Proc. of EX¬ 
PRESS/SOS, EPTCS 190, pp. 46-60, doi: 10.4204/EPTCS. 190.4 

[19] K. Peters & U. Nestmann (2012): Is it a “Good” Encoding of Mixed Choice? In: Proc. of EoSSaCS, LNCS 
7213, pp. 210-224, doi: 10.1007/978-3-642-28729-9.14 

[20] K. Peters, U. Nestmann & U. Goltz (2013): On Distributability in Process Calculi. In: Proc. ofESOP, LNCS 
7792, Springer, pp. 310-329, doi: 10.1007/978-3-642-37036-6.18 

[21] P. Sjodin (1991): From LOTOS Specifications to Distributed Implementations. Ph.D. thesis. Department of 
Computer Science, Uppsala University. Available as Report DoCS 91/31. 


